CVE-2021-28604

7.8 HIGH

📋 TL;DR

Adobe After Effects versions 18.2 and earlier contain a heap-based buffer overflow vulnerability when parsing malicious files. An attacker can exploit this to execute arbitrary code with the victim's privileges, requiring the user to open a specially crafted file. This affects all users running vulnerable versions of Adobe After Effects.

💻 Affected Systems

Products:
  • Adobe After Effects
Versions: 18.2 and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default when parsing files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via arbitrary code execution with the current user's privileges, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malware installation or data exfiltration after a user opens a malicious After Effects project file.

🟢 If Mitigated

No impact if users avoid opening untrusted files or if the system is patched.

🌐 Internet-Facing: LOW - Exploitation requires user interaction with a malicious file, not network exposure.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file) but no authentication. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 18.2.1 or later

Vendor Advisory: https://helpx.adobe.com/security/products/after_effects/apsb21-49.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application.
2. Navigate to the 'Apps' tab.
3. Find Adobe After Effects and click 'Update'.
4. Restart After Effects after installation completes.

🔧 Temporary Workarounds

Restrict file execution

all

Configure application control to block execution of untrusted After Effects project files.

User awareness training

all

Train users to only open After Effects files from trusted sources.

🧯 If You Can't Patch

  • Implement application whitelisting to block After Effects execution entirely.
  • Use network segmentation to isolate systems running vulnerable versions.

🔍 How to Verify

Check if Vulnerable:

Check Adobe After Effects version via Help > About After Effects. If version is 18.2 or earlier, it is vulnerable.

Check Version:

On Windows: Check version in Help > About After Effects. On macOS: Check version in After Effects > About After Effects.

Verify Fix Applied:

Verify version is 18.2.1 or later in Help > About After Effects.
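
The same version check applied to a whole inventory, as an added example (not from this page or from Adobe). The CSV layout, host names and function names are constructed for illustration; the 18.2.1 threshold is the patch version given above.

```python
import csv
import io

FIXED = (18, 2, 1)  # first patched release named on this page

def parse_version(text):
    """'18.2' -> (18, 2, 0); None if the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    nums += [0] * (len(FIXED) - len(nums))  # pad so 18.2 == 18.2.0
    return tuple(nums)

def classify(text):
    """Compare numerically: a string compare would rank '18.10' below '18.2.1'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # needs a manual check in Help > About After Effects
    return "patched" if version >= FIXED else "vulnerable"

def audit(csv_text):
    """Group hosts from a 'host,version' CSV export by patch status."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        report[classify(row["version"])].append(row["host"])
    return report

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = """host,version
edit-ws-01,18.2
edit-ws-02,18.2.1
render-03,17.7
edit-ws-04,18.10
mac-05,18.2.0
lab-06,not recorded
"""

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked by hand rather than assumed patched.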

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of After Effects with memory access violations
  • Unusual process creation from After Effects

Network Indicators:

  • Outbound connections from After Effects to suspicious IPs

SIEM Query:

Process creation where parent process is After Effects and command line contains suspicious parameters
